Diffstat (limited to '')
-rw-r--r-- | .github/CODEOWNERS | 2 | ||||
-rw-r--r-- | .github/ISSUE_TEMPLATE/bug_report.md | 6 | ||||
-rw-r--r-- | .github/dependabot.yml | 5 | ||||
-rw-r--r-- | .github/lower-constraints.txt | 19 | ||||
-rw-r--r-- | .github/release-drafter.yml | 4 | ||||
-rw-r--r-- | .github/workflows/ack.yml | 3 | ||||
-rw-r--r-- | .github/workflows/push.yml | 2 | ||||
-rw-r--r-- | .github/workflows/redirects.yml | 4 | ||||
-rw-r--r-- | .github/workflows/release.yml | 48 | ||||
-rw-r--r-- | .github/workflows/tox.yml | 146 |
10 files changed, 130 insertions, 109 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 3d3aa8e..d1f5d6b 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -* @ansible/devtools @ansible/ansible-lint-external-contributors +* @ansible/devtools diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 041a61a..8413eed 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -2,7 +2,7 @@ name: Bug report about: > Create a bug report. Ensure that it does reproduce on the main branch with - python >=3.9. For anything else, please use the discussion link below. + python >=3.10. For anything else, please use the discussion link below. labels: bug, new --- @@ -53,8 +53,8 @@ Possible security bugs should be reported via email to `security@ansible.com` <!--- Describe what happened. If possible run with extra verbosity (-vvvv) --> -Please give some details of what is happening. -Include a [minimum complete verifiable example] with: +Please give some details of what is happening. Include a [minimum complete +verifiable example] with: - minimized playbook to reproduce the error - the output of running ansible-lint including the command line used diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6a4dae2..e371e48 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,7 +9,10 @@ updates: labels: - dependabot-deps-updates - skip-changelog - versioning-strategy: lockfile-only + groups: + dependencies: + patterns: + - "*" - package-ecosystem: "github-actions" directory: "/" schedule: diff --git a/.github/lower-constraints.txt b/.github/lower-constraints.txt new file mode 100644 index 0000000..e87af5c --- /dev/null +++ b/.github/lower-constraints.txt 
@@ -0,0 +1,19 @@ +# This file is kept in a different directory than .config in order to not be +# automatically updated by dependabot. This should be kept in sync with +# minimal requirements configured inside .config/requirements.in +ansible-core==2.13.0 +ansible-compat==24.5.1 # GPLv3 +black==24.3.0 # MIT (security) +filelock==3.3.0 # The Unlicense +jsonschema==4.10.0 # MIT, version needed for improved errors +packaging==21.3 +pathspec==0.10.3 +pyyaml==5.4.1 +rich==12.0.0 +ruamel.yaml==0.18.5 # MIT +subprocess-tee==0.4.1 # MIT, used by ansible-compat +# https://packages.ubuntu.com/noble/python3-wcmatch +# https://packages.fedoraproject.org/pkgs/python-wcmatch/python3-wcmatch/ +wcmatch==8.1.2; python_version < '3.12' # EPEL 8 +wcmatch==8.5.0; python_version >= '3.12' +yamllint == 1.30.0 diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 11fa614..b2c18a9 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -1,3 +1,3 @@ --- -# see https://github.com/ansible/devtools -_extends: ansible/devtools +# see https://github.com/ansible/team-devtools +_extends: ansible/team-devtools diff --git a/.github/workflows/ack.yml b/.github/workflows/ack.yml index 291eb88..60853af 100644 --- a/.github/workflows/ack.yml +++ b/.github/workflows/ack.yml @@ -7,4 +7,5 @@ name: ack jobs: ack: - uses: ansible/devtools/.github/workflows/ack.yml@main + uses: ansible/team-devtools/.github/workflows/ack.yml@main + secrets: inherit diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 1debf04..751e431 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -10,4 +10,4 @@ name: push jobs: ack: - uses: ansible/devtools/.github/workflows/push.yml@main + uses: ansible/team-devtools/.github/workflows/push.yml@main diff --git a/.github/workflows/redirects.yml b/.github/workflows/redirects.yml index fcc5eea..a988f68 100644 --- a/.github/workflows/redirects.yml +++ b/.github/workflows/redirects.yml 
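Review bot: In `.github/workflows/ack.yml` the reusable workflow is still referenced by branch (`@main`), and the added `secrets: inherit` now gives whatever that branch contains at run time access to every secret this repository can see. Pin the call to a reviewed revision, `uses: ansible/team-devtools/.github/workflows/ack.yml@<full-commit-sha>`, and pass only the secrets the called workflow declares in place of `inherit`. The `push.yml` hunk has the same `@main` reference, though it passes no secrets. If tracking `main` is intentional because both repositories share maintainers, a comment saying so next to `secrets: inherit` would make that trust decision visible.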
@@ -18,8 +18,8 @@ jobs: environment: release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 - name: Upgrade Python toolchain run: python3 -m pip install --upgrade pip setuptools wheel diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 317b5e1..d9adfb0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,4 @@ --- -# cspell:ignore mislav name: release "on": @@ -10,11 +9,18 @@ name: release jobs: # https://github.com/marketplace/actions/actions-tagger actions-tagger: + needs: pypi # do not move the mobile tag until we publish runs-on: windows-latest + permissions: + # Give the default GITHUB_TOKEN write permission. + # https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/ + contents: write steps: - uses: Actions-R-Us/actions-tagger@latest - env: - GITHUB_TOKEN: "${{ github.token }}" + with: + token: "${{ github.token }}" + # Do not activate latest tag because it seems to affect RTD builds + # publish_latest_tag: true pypi: name: Publish to PyPI registry environment: release 
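Review bot: In the `release.yml` hunk, `Actions-R-Us/actions-tagger@latest` is a mutable ref, and the `actions-tagger` job now receives a `contents: write` token, so whatever that ref resolves to at release time can write to the repository. Pin it to a full commit SHA, `uses: Actions-R-Us/actions-tagger@<full-commit-sha>  # <version>`, and let the existing `github-actions` dependabot entry propose bumps. Granting the permission at job level rather than workflow level is the right scope and should stay as it is.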
@@ -28,50 +34,24 @@ jobs: TOXENV: pkg steps: - - name: Switch to using Python 3.9 by default - uses: actions/setup-python@v4 + - name: Switch to using Python 3.10 by default + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: "3.10" - name: Install tox run: python3 -m pip install --user "tox>=4.0.0" - name: Check out src from Git - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 # needed by setuptools-scm submodules: true - name: Build dists - run: python -m tox + run: python3 -m tox - name: Publish to pypi.org if: >- # "create" workflows run separately from "push" & "pull_request" github.event_name == 'release' uses: pypa/gh-action-pypi-publish@release/v1 - - homebrew: - name: Bump homebrew formula - environment: release - runs-on: ubuntu-22.04 - needs: pypi - - env: - FORCE_COLOR: 1 - PY_COLORS: 1 - TOXENV: pkg - - steps: - - name: Check out src from Git - uses: actions/checkout@v3 - with: - fetch-depth: 0 # needed by setuptools-scm - submodules: true - - - name: Bump homebrew formula - uses: mislav/bump-homebrew-formula-action@v2.2 - with: - # A PR will be sent to github.com/Homebrew/homebrew-core to update this formula: - formula-name: ansible-lint - env: - COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }} diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml index 3220155..3321e37 100644 --- a/.github/workflows/tox.yml +++ b/.github/workflows/tox.yml @@ -18,8 +18,8 @@ env: PY_COLORS: 1 jobs: - pre: - name: pre + prepare: + name: prepare runs-on: ubuntu-22.04 outputs: matrix: ${{ steps.generate_matrix.outputs.matrix }} @@ -28,8 +28,9 @@ jobs: id: generate_matrix uses: coactions/dynamic-matrix@v1 with: - min_python: "3.9" - max_python: "3.11" + min_python: "3.10" + max_python: "3.12" + default_python: "3.10" other_names: | lint pkg 
@@ -37,12 +38,15 @@ jobs: docs schemas eco - py-devel + pre + py311-devel + py310-lower + py312-lower platforms: linux,macos test-action: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Self test for ansible-lint@${{ github.action_ref || 'main' }} uses: ./ with: @@ -52,14 +56,13 @@ jobs: name: ${{ matrix.name }} runs-on: ${{ matrix.os || 'ubuntu-22.04' }} needs: - - pre - - test-action + - prepare defaults: run: shell: ${{ matrix.shell || 'bash'}} strategy: fail-fast: false - matrix: ${{ fromJson(needs.pre.outputs.matrix) }} + matrix: ${{ fromJson(needs.prepare.outputs.matrix) }} # max-parallel: 5 # The matrix testing goal is to cover the *most likely* environments # which are expected to be used by users in production. Avoid adding a @@ -67,29 +70,17 @@ jobs: # proof that we failed to catch a bug by not running it. Using # distribution should be preferred instead of custom builds. env: - # vars safe to be passed to wsl: - WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY # Number of expected test passes, safety measure for accidental skip of # tests. Update value if you add/remove tests. - PYTEST_REQPASS: 805 + PYTEST_REQPASS: 884 steps: - - name: Activate WSL1 - if: "contains(matrix.shell, 'wsl')" - uses: Vampire/setup-wsl@v2 - - - name: MacOS workaround for https://github.com/actions/virtual-environments/issues/1187 - if: ${{ matrix.os == 'macOS-latest' }} - run: | - sudo sysctl -w net.link.generic.system.hwcksum_tx=0 - sudo sysctl -w net.link.generic.system.hwcksum_rx=0 - - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # needed by setuptools-scm submodules: true - name: Set pre-commit cache - uses: actions/cache@v3 + uses: actions/cache@v4 if: ${{ matrix.passed_name == 'lint' }} with: path: | 
@@ -97,7 +88,7 @@ jobs: key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }} - name: Set ansible cache(s) - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | .cache/eco @@ -107,16 +98,16 @@ jobs: ~/.ansible/roles key: ${{ matrix.name || matrix.passed_name }}-${{ hashFiles('tools/test-eco.sh', 'requirements.yml', 'examples/playbooks/collections/requirements.yml') }} - - name: Set up Python ${{ matrix.python_version || '3.9' }} + - name: Set up Python ${{ matrix.python_version || '3.10' }} if: "!contains(matrix.shell, 'wsl')" - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: cache: pip - python-version: ${{ matrix.python_version || '3.9' }} + python-version: ${{ matrix.python_version || '3.10' }} - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: 18 + node-version: 20 cache: "npm" cache-dependency-path: test/schemas/package-lock.json @@ -139,27 +130,14 @@ jobs: - name: tox -e ${{ matrix.passed_name }} run: python3 -m tox -e ${{ matrix.passed_name }} - - name: Combine coverage data - if: ${{ startsWith(matrix.passed_name, 'py') }} - # produce a single .coverage file at repo root - run: tox -e coverage - - - name: Upload coverage data - if: ${{ startsWith(matrix.passed_name, 'py') }} - uses: codecov/codecov-action@v3 - with: - name: ${{ matrix.passed_name }} - fail_ci_if_error: false # see https://github.com/codecov/codecov-action/issues/598 - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true # optional (default = false) - - name: Archive logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: logs.zip - path: .tox/**/log/ - # https://github.com/actions/upload-artifact/issues/123 - continue-on-error: true + name: logs-${{ matrix.name }}.zip + path: | + .tox/**/log/ + .tox/**/.coverage* + .tox/**/coverage.xml - name: Report failure if git reports dirty status run: | 
@@ -186,11 +164,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -201,17 +179,18 @@ jobs: # queries: security-extended,security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" - check: # This job does nothing and is only used for the branch protection + check: if: always() permissions: - pull-requests: write # allow codenotify to comment on pull-request + id-token: write + checks: read needs: - build 
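Review bot: The new `permissions:` block on the `check` job has no comments, whereas the line it replaces explained its grant, and `id-token: write` is the more sensitive of the two. Say what each scope is for, for example `id-token: write  # OIDC token for the codecov upload (use_oidc)` and a matching reason on `checks: read` (presumably for the codecov status check, to be confirmed). A job-level `permissions:` block sets every unlisted scope to none, so the comment should also record that no `contents` scope is intended even though the job now runs `actions/checkout`. The steps of `check` are outside this hunk.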
@@ -220,17 +199,56 @@ jobs: runs-on: ubuntu-latest steps: + # checkout needed for codecov action which needs codecov.yml file + - uses: actions/checkout@v4 + + - name: Set up Python # likely needed for coverage + uses: actions/setup-python@v5 + with: + python-version: "3.12" + + - run: pip3 install 'coverage>=7.5.1' + + - name: Merge logs into a single archive + uses: actions/upload-artifact/merge@v4 + with: + name: logs.zip + pattern: logs-*.zip + # artifacts like py312.zip and py312-macos do have overlapping files + separate-directories: true + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: logs.zip + path: . + + - name: Check for expected number of coverage.xml reports + run: | + JOBS_PRODUCING_COVERAGE=8 + if [ "$(find . -name coverage.xml | wc -l | bc)" -ne "${JOBS_PRODUCING_COVERAGE}" ]; then + echo "::error::Number of coverage.xml files was not the expected one (${JOBS_PRODUCING_COVERAGE}): $(find . -name coverage.xml |xargs echo)" + exit 1 + fi + + - name: Upload coverage data + uses: codecov/codecov-action@v4 + with: + name: ${{ matrix.passed_name }} + # verbose: true # optional (default = false) + fail_ci_if_error: true + use_oidc: true # cspell:ignore oidc + + - name: Check codecov.io status + if: github.event_name == 'pull_request' + uses: coactions/codecov-status@main + - name: Decide whether the needed jobs succeeded or failed uses: re-actors/alls-green@release/v1 with: jobs: ${{ toJSON(needs) }} - - name: Check out src from Git - uses: actions/checkout@v3 - - - name: Notify repository owners about lint change affecting them - uses: sourcegraph/codenotify@v0.6.4 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # https://github.com/sourcegraph/codenotify/issues/19 - continue-on-error: true + - name: Delete Merged Artifacts + uses: actions/upload-artifact/merge@v4 + with: + delete-merged: true |
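Review bot: `coactions/codecov-status@main` is referenced by branch, and it runs in the `check` job, which holds `id-token: write`, so an unreviewed change on that branch would execute with the ability to request this repository's OIDC token. Pin it to a full commit SHA, `uses: coactions/codecov-status@<full-commit-sha>`. Separately, `name: ${{ matrix.passed_name }}` in the "Upload coverage data" step looks carried over from the `build` job. No matrix is visible for `check` (its header is outside the hunk), so the expression probably expands to an empty string, and a fixed name such as `name: combined` would be clearer. The hard-coded `JOBS_PRODUCING_COVERAGE=8` also deserves a comment naming the matrix entries it counts, so it is updated when `other_names` changes.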